(12) UK Patent Application GB 231346p A

(43) Date of A Publication 26.11.1997



(21) Application No 9709891.7 
(22) Date of Filing 1^05.1997



(30) Priority Data 

(31) 196200346 



(32) 21.05.1996 (33) DE 



(71) Applicant(s)

Robert Bosch GmbH

(Incorporated in the Federal Republic of Germany)

Postfach 30 02 20, D-70442 Stuttgart 30,
Federal Republic of Germany

(72) Inventor(s)

Peter Van Haparen 

(74) Agent and/or Address for Service 
W P Thompson & Co 

Coopers Building, Church Street, LIVERPOOL, L1 3AB,
United Kingdom 



(51) INT CL6

G06F 1/00 

(52) UK CL (Edition O ) 

G4H HKK HTG H1A H13D H14A H14B H14D 

(56) Documents Cited 

EP 0632413 A1 EP 0564632 A1 EP 0432409 A1
EP 0147837 A2 WO 96/18139 A1 US 4333090 A

(58) Field of Search 

UK CL (Edition O) G4A AAP, G4H HKK HTG
INT CL6 G06F, G07C



(54) Graphical password entry 

(57) A log-in procedure to a computer system for users of a data terminal, which procedure serves with the
aid of a graphical password entry to render it more difficult to decode the password. For this purpose the
computer displays on the display screen a number of graphical symbols which e.g. must be clicked using the
mouse pointer. The positions of the graphical symbols can be changed on the display screen from one log-in
procedure to another.

DESCRIPTION
GRAPHICAL PASSWORD ENTRY 

The invention relates to a log-in procedure to a computer system with the 
aid of inputting a graphical password. 

The log-in procedure to a computer system normally requires user
name and a user-specific password to be input by way of a keyboard. However,
this password protection is not sufficient. In practice, passwords can be decoded
in a short space of time with the aid of password generators. The reason for this
is the human brain which is only able to recall well structured sequences, that is
to say words which have a meaning. When the contents of the lexicons of
different languages are examined, it is probable that the password will be
decoded. In practice, password interrogation is the only hurdle to accessing a
modern computer network. It is absolutely necessary to provide a reliable
password interrogation for the purpose of protecting the system. Consequently
it is naturally not permitted to note down the password anywhere and it must
nevertheless comprise a simple structure such that it can be used again even
after a long period. The system security sets a prerequisite that the ideal
password however is to be an arbitrary combination of letters and / or numbers.
However, it is precisely this type of sequence which a human being is unable to
retain in his / her memory.

A type of password entry is known wherein alphanumeric characters are
displayed on a display screen. The actual password is achieved using a mouse
by clicking on to the alphanumeric character in the correct sequence. In the case
of this system it is, however, still possible for an unauthorized user to decode the
password by observing the activity on the display screen.

In accordance with the present invention, there is provided a log-in 
procedure to a computer system for users of a data terminal, of the type in which 
the password is entered by selecting a graphical symbol in a position on the 
display screen, wherein the graphical symbols of the display screen are generated 
by the computer in any of the display screen positions, which positions change 
from one log-in procedure to another, and wherein the symbols are fixedly 
allocated to a code stored in the computer and a fixed series of symbols in its 
entirety represents the password. 

In contrast to the prior art, a log-in procedure in accordance with the 
present invention has the advantage that the symbols which are displayed on the 
display screen change position from one log-in procedure to the next. This has 
the advantage that an unauthorized user is not able to decode the password by
observing the log-in procedure. 

By virtue of the features set down in the subordinate claims it is possible 
to develop further and improve the log-in procedure stated in the main claim. 

It is a further advantage that the computer system can allocate to the 
display screen positions code sequences of any length. It is particularly 
advantageous that the password is not bound to alphanumeric characters, but 
rather that graphical images can be displayed so that the system functions 
independently of the language area. It is also possible with this log-in procedure
to illustrate Chinese or Japanese characters or even to illustrate a graphics picture
which is particularly suitable for children. A further advantage is that it is possible
to render it more difficult for others to read the password sequence
simultaneously, in that the actual clicking on to the desired symbol is disguised
by virtue of the fact that clicking noises produced by the computer are
superimposed. The length of the password, i.e. the number of graphical symbols
clicked is fixed by the system. It is possible for these code sequences, which are
allocated to these graphical symbols or to their positions on the display screen,
to be of any length.

In an advantageous embodiment a picture illustration, and not individual
graphical symbols, is projected on to the display screen.

An exemplified embodiment of the invention is explained in detail in the 
description hereinunder and illustrated in the drawing, in which 

Figure 1 shows a display screen for the graphical password entry,
Figure 2 shows a sequence of correct graphical symbols.

The log-in procedure to a computer system is commenced by entering a
user name at a data terminal. The system projects on the display screen of the
terminal a two-dimensional arrangement of windows, in which symbols, images
or even alphanumeric characters are located. The system requests the user to
enter his / her password. Depending upon the resolution and size of the display
screen, the image which is displayed on the screen can contain up to 100 different
symbols, wherein the prerequisite is that the images can be readily identified and
comprise sufficient distinctive features. For example the graphical password
consists of a row of eight symbols, which during input must be selected in a
specific order by the user. The symbols are selected e.g. by clicking on to the said
symbols using a mouse. When using touch screens the symbol is selected by
touching the screen. When selecting a symbol only one click tone is transmitted
as an acknowledgement and the current number of symbols selected is indicated.
In so doing the actual graphical window containing the symbols does not change.
It is merely the xy-positions of the mouse click which are transmitted by way of the
connection line between the data terminal and the computer. It is only in the
computer itself that the position is allocated to the associated identification by way
of a table [sic]. This identification forms the actual password, which is checked
in the conventional manner in the computer, e.g. the number of unsuccessful
attempts, or a blocking of the password entry after three unsuccessful attempts
can be fixed. By virtue of the fact that the password sequence is fixed merely by
the xy-data and is transmitted by way of the line, it is also no longer possible to
decode the password by monitoring the data transfer line.

If the user would like to log-in to the computer system on another occasion,
the user is again provided with a display screen containing graphical symbols.
The number of symbols is maintained, however these symbols are arranged by
the computer in a different sequence on the display screen. If the positions are
changed from log-in procedure to log-in procedure, a list of the symbols, the
xy-positions and the identifications must also be changed in each case. A possible
password entry is illustrated in Figure 2, wherein in this example no different
symbols have been selected. In this case the password sequence consists of
eight symbols, namely 4 "prams", 2 "child bicycles" and 2 "bicycles". A password
sequence of this type can be more readily retained in the human brain, as it is
possible to relate a story to the series of images. Moreover, the human brain is
better able to recall images than alphanumeric characters. A possible password
must be able to be fixed by the user, so that the advantages of storing graphics
in the brain can be utilized.
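
The following sketch is an added example, not part of the patent text: it models the computer-side table described above, in which only xy-positions arrive from the terminal, a per-log-in table allocates each position to its fixed identification, and entry is blocked after three unsuccessful attempts. The names LoginServer, SYMBOL_CODES and clicks_for, the grid size and the code values are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed symbol set: each symbol is fixedly allocated an identification
# code stored in the computer (codes may be of any length).
SYMBOL_CODES = {"pram": "K7", "child bicycle": "Q2", "bicycle": "M9",
                "kite": "Z4", "boat": "T1", "drum": "B8"}
COLUMNS = 3            # grid width; cell (x, y) is what the terminal reports
MAX_FAILURES = 3       # entry is blocked after three unsuccessful attempts


class LoginServer:
    def __init__(self, enrolled):
        # enrolled: user -> ordered list of symbols fixed as the password
        self.secret = {u: "|".join(SYMBOL_CODES[s] for s in seq)
                       for u, seq in enrolled.items()}
        self.failures = {u: 0 for u in enrolled}
        self.layout = {}   # user -> {(x, y): code}, valid for one log-in only

    def start_login(self, user):
        """Place the symbols in new positions; return what the terminal draws."""
        symbols = list(SYMBOL_CODES)
        secrets.SystemRandom().shuffle(symbols)
        cells = {(i % COLUMNS, i // COLUMNS): s for i, s in enumerate(symbols)}
        self.layout[user] = {xy: SYMBOL_CODES[s] for xy, s in cells.items()}
        return cells

    def verify(self, user, clicks):
        """clicks: list of (x, y) cells, the only data sent over the line."""
        table = self.layout.pop(user, None)   # each table serves one attempt
        if table is None or self.failures.get(user, MAX_FAILURES) >= MAX_FAILURES:
            return False
        entered = "|".join(table.get(xy, "") for xy in clicks)
        ok = hmac.compare_digest(entered, self.secret[user])
        self.failures[user] = 0 if ok else self.failures[user] + 1
        return ok


def clicks_for(cells, sequence):
    """What an honest user clicks: the cell currently showing each symbol."""
    where = {s: xy for xy, s in cells.items()}
    return [where[s] for s in sequence]
```

Because the table is discarded after each attempt, xy-positions recorded during one log-in are only accepted later if the new arrangement happens to place the password symbols in the same cells.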

The selection when fixing the password sequence occurs likewise by 
clicking on to the possible symbols which are all displayed on the display screen. 
A click tone is produced as an acknowledgement to clicking on to a symbol and
the current selection of the selected symbols is indicated. 

A further protective feature can be incorporated for the log-in procedure to 
computer systems. In the case of this protective feature, in addition to the click 
tone when clicking on to the correct symbol, the system actually produces a series
of tones, which are superimposed onto the actual log-in procedure. In this 
manner it is also made more difficult to deduce the positions of the graphical 
symbols by overhearing. 

CLAIMS

1. A log-in procedure to a computer system for users of a data terminal,
of the type in which the password is entered by selecting a graphical symbol in
a position on the display screen, wherein the graphical symbols of the display
screen are generated by the computer in any of the display screen positions,
which positions change from one log-in procedure to another, and wherein the
symbols are fixedly allocated to a code stored in the computer and a fixed series
of symbols in its entirety represents the password.

2. A log-in procedure according to claim 1, wherein the position of the
symbol selected is transmitted from the data terminal to the computer. 

3. A log-in procedure according to claim 1 or 2, wherein the identification, 
stored in the computer, with respect to one position and thus to the symbol can 
contain any number of alphanumeric characters. 

4. A log-in procedure according to claim 1 or 2, wherein it is possible to
determine the number of symbols which represent a password.

5. A log-in procedure according to any of claims 1 to 4, wherein the 
symbols are selected by touching a touch-screen. 

6. A log-in procedure according to any of claims 1 to 5, wherein a click 
tone is produced as an acknowledgement of clicking on to a symbol and there is 
a large number of symbols. 

7. A log-in procedure according to any of claims 1 to 6, wherein the 
symbols can consist of alphanumeric characters or of images. 

8. A log-in procedure according to any of claims 1 to 7, wherein the system
produces click tones which are superimposed on to the actual clicking of the
symbols.

9. A log-in procedure to a computer system, substantially as hereinbefore 
described, with reference to and as illustrated in the accompanying drawings. 




Application No: GB 9709891.7
Claims searched: 1-9

Examiner: Mike Davis
Date of search: 15 July 1997



Patents Act 1977 

Search Report under Section 17 

Databases searched: 



UK Patent Office collections, including GB, EP, WO & US patent specifications, in:
UK Cl (Ed.O): G4H (HKK, HTG), G4A (AAP)
Int Cl (Ed.6): G06F, G07C
Other: 



Documents considered to be relevant:

Category   Identity of document and relevant passage   Relevant to claims
X          EP 0632413 A1   (BULL CPS)                  1 at least
X          EP 0564832 A1   (IBM)                       "
X          EP 0432409 A1   (KROMER)                    "
X          EP 0147837 A2   (OMRON TATEISI)             "
           WO 96/18139 A1  (PHILIPS)                   "
X          US 4333090      (HIRSCH)                    "



X Document indicating lack of novelty or inventive step
Y Document indicating lack of inventive step if combined with one or more other documents of same category.
& Member of the same patent family
A Document indicating technological background and/or state of the art.
P Document published on or after the declared priority date but before the filing date of this invention.
E Patent document published on or after, but with priority date earlier than, the filing date of this application.



An Executive Agency of the Department of Trade and Industry



